In this case it's a storage system from this little outfit called NetApp :)

However ... the decision was based on experience that included homebrew storage.
Even at 1 Gbps, our little NFS boxes were far easier to manage than big-vendor
iSCSI. I never want to read the words "logical volume not on preferred path"
again. Several of my future homicide victims will have those words written
on their gravestones.

key with a specific exponent, or do you have to just keep re-keying
until you get something acceptable?

Yeah, there are some arcane options to openssl's command line that let you
override the default exponent. There are only a few that are commonly in use,
and the only one that's broadly acceptable to all software, and also secure
under the most stringent standards, is probably 65537.

But it's all pointless unless you ensure that every CA cert in the chain
that signs your key also uses a large exponent.

Funny you should say. I just remembered Coraid the other day and thought, what if they were still not just sales droids, but actually wanted to sell something to some company without coming off as being a used car salesman. I took the bait and researched what little there was on the internets to be gleaned and finally had to go to the website and post a "gimmie a quote you slimy so and so" request. The site made it seem like you were filling in a quote sheet that would be automated and sent out in a few minutes, but it was not until the next morning that I found out that 'it's a trap' was in store.

The sales droid first sent me an email with no body text (yes I use alpine as my mail client), but I digress. The second email was one to implore me to call him back for the quote. After a few hours he emailed me a sketchy PDF which contained the semi-plausible bits that described a 1GBps/10GBps SAN unit (without enough details and enough asterisks to choke a horse stating that you needed a support contract on top of the purchase price of the hardware before they would sell you the minimum hardware). Even the base price (minus any drives) was enough to make me go away.

Glad you had more fun in that arena IG. I have opted for simple RAID 1+0 and NFS to fit the bill for now as the needs have not shot past that (yet).

Heh. Back when we had a ridiculously low budget, we came into possession
of some Isilon boxes. Their schtick is that there's no big box, just lots
of little ones tied together with Infiniband. I ripped out the Infiniband
cards, threw away their software, and loaded OpenFiler on them. NFS for the
win - even at 1 Gbps it was a great performer.

This year we have upper management that wants us to be Teh Cloud (tm) so
we got the budget for NetApp hardware. Yum. It's pricey but the performance
just screams. Because cloud.

you override the default exponent. There are only a few that are
commonly in use, and the only one that's broadly acceptable to all
software, and also secure under the most stringent standards, is
probably 65537

I learned that 65537 is the default for OpenSSL while learning how to check
to see if a certificate matches a particular public key (such as, when a CSR
is sent out to a customer and then the cert they send back may or may not
be generated from the CSR you gave them ... some people do weird things).
"Compare the modulus and exponent." And I said "gee, the exponent is *always*
65537, what's with that?"
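
The check described in the post above (does the certificate that came back carry the key from the CSR that went out, and what is its exponent), as an added example that is not part of the original thread. The function names, file names and the `example.test` subject are hypothetical, and the keys are throwaway ones constructed on the spot; `pub_exponent` can equally be pointed at each CA certificate in a chain.

```shell
#!/bin/sh
# Added example: throwaway keys/certs are constructed in a temp dir; names are hypothetical.

# Emit the PEM public key (RSA: modulus + exponent) held in a key, CSR or cert.
pubkey_pem() {  # $1 = key|csr|cert, $2 = file
  case "$1" in
    key)  openssl pkey -in "$2" -pubout ;;
    csr)  openssl req  -in "$2" -noout -pubkey ;;
    cert) openssl x509 -in "$2" -noout -pubkey ;;
    *)    return 2 ;;
  esac
}

# Succeeds only if both objects carry the same public key.
same_key() {  # $1 kind, $2 file, $3 kind, $4 file
  a=$(pubkey_pem "$1" "$2" 2>/dev/null) || return 2
  b=$(pubkey_pem "$3" "$4" 2>/dev/null) || return 2
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# Print the RSA public exponent, e.g. to audit each certificate in a chain.
pub_exponent() {
  pubkey_pem "$1" "$2" | openssl rsa -pubin -noout -text 2>/dev/null |
    awk '/^Exponent:/ {print $2}'
}

# Build constructed fixtures: our key + CSR, a cert for it, a cert for another key.
make_fixtures() {
  d=$(mktemp -d) || return 1
  printf '[req]\ndistinguished_name=dn\nprompt=no\n[dn]\nCN=example.test\n' >"$d/req.cnf"
  for k in ours other; do
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
      -pkeyopt rsa_keygen_pubexp:65537 -out "$d/$k.key" 2>/dev/null || return 1
  done
  openssl req -new -config "$d/req.cnf" -key "$d/ours.key" -out "$d/ours.csr" &&
  openssl req -new -x509 -days 1 -config "$d/req.cnf" -key "$d/ours.key" -out "$d/good.crt" &&
  openssl req -new -x509 -days 1 -config "$d/req.cnf" -key "$d/other.key" -out "$d/bad.crt" &&
  echo "$d"
}

dir=$(make_fixtures) || exit 1
for c in good bad; do
  if same_key csr "$dir/ours.csr" cert "$dir/$c.crt"; then
    echo "$c.crt matches the CSR key, e=$(pub_exponent cert "$dir/$c.crt")"
  else
    echo "$c.crt was issued for a different key"
  fi
done
rm -rf "$dir"
```

Comparing the whole public key covers modulus and exponent in one step, which is why a matching exponent alone (it is nearly always 65537) says nothing about whether the certificate is yours.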

You could probably build a local network with it. Good luck getting your hands on something to route traffic between different IPX subnets.

(Horrible memories of routers with fixed size RIP/SAP tables and seeing networks and services randomly drop off the network...)

I do think that the deployment of IPv6 is going to bring back some of the old IPX traditions. An IPX address was 32 bits of network and 48 bits of host, with the host side being a MAC address. IPv6 can autoconfig based on MAC address when the subnet size is /64 (as is recommended and typical). I think we'll see a lot of "let it autoconfig and register itself with DNS" which is an awful lot like "get an address from RIP and register your name with SAP".

Yeah, I think IPX/SPX is more the way to go, if we elect to go down the road
of an alternative protocol.

We can't use something that goes over TCP/IP for our purposes... we're trying
to hide communications on the LAN (so students do not confuse our traffic
for the kind of traffic they seek in their lessons).

We have other alternatives, but they aren't necessarily very good (e.g. virtual
serial ports).

It's a protocol that has been around a while, but remains supported in some
fashion. I can even download a user-land stack for it that can be compiled
on Linux or Windows, and it looks to be better able to avoid SYN attacks.